How to Use the Social-Engineer Toolkit (SET) in Kali Linux

The Social-Engineer Toolkit (SET) is a penetration testing tool for Kali Linux. This tutorial guides you through downloading, installing, and using SET to simulate various attacks and assess system security. Use SET responsibly and only on systems you have explicit permission to test.

Download and Install SET

First, open a Kali Linux terminal (Ctrl+Alt+T). Then, clone the SET repository using Git:

git clone https://github.com/trustedsec/social-engineer-toolkit.git set

Next, navigate to the directory and install SET using Python:

cd set
sudo python setup.py install

This installs the latest version of SET. For further information, consult the official documentation.

Launching SET

Launch SET from your terminal with the command:

setoolkit

This opens the SET main menu, presenting a list of attack vectors and methods. Select the desired attack vector and follow the on-screen prompts to configure the attack parameters. For example, a spear-phishing attack requires specifying the target's email address, subject, and message body, along with SMTP server details and sender information.

Selecting an Attack Vector

SET offers a variety of attack vectors, each with unique capabilities:

  • Spear-Phishing Attack Vectors
  • Website Attack Vectors
  • Infectious Media Generator
  • Create a Payload and Listener
  • Mass Mailer Attack
  • Teensy USB HID Attack Vector
  • SMS Spoofing Attack Vector
  • Wireless Access Point Attack Vector
  • Third-Party Modules

After launching SET, choose your attack vector from the menu. The subsequent steps will guide you through configuring the specific parameters for your chosen attack.

Selecting an Attack Method

After selecting an attack vector, SET presents available attack methods. These methods define the specific technique used within the chosen vector (e.g., for a spear-phishing vector, you might choose a credential-harvesting method). The menu will guide you through the selection process.

Configuring the Attack

Once the attack vector and method are selected, you'll configure the attack parameters. This might involve specifying target details (email addresses, URLs, etc.), payload settings, and other relevant options. SET uses a menu-driven interface, prompting you for each necessary parameter. You can use the `set` command within SET to directly set specific parameters if you prefer. For example:

set TARGETEMAIL example@example.com

Executing the Attack

After configuration, execute the attack using the options provided in SET's interface. Progress is typically monitored in the terminal window. Note: Never launch an attack without explicit permission from the system owner.
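
One way to enforce that permission requirement before any run, shown as an added example that is not part of SET or of the original tutorial: a pre-flight check that compares the target address list against the domains named in the signed rules of engagement and fails closed on anything else. The function names, the scope format (exact domains plus '*.domain' for subdomains), and all sample data are assumptions made for illustration.

```python
# Added example, not part of SET. All names and sample data are constructed.
from email.utils import parseaddr

def normalize_domain(address):
    """Return the address's domain in lower-case ASCII, or None if malformed."""
    _, addr = parseaddr(address.strip())
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    domain = domain.rstrip(".").lower()
    if not local or "." not in domain:
        return None
    try:
        # Punycode form, so a look-alike Unicode domain cannot equal an ASCII one.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def in_scope(domain, scope):
    """Exact match, or subdomain match for scope entries written '*.domain'."""
    for entry in (e.strip().lower() for e in scope):
        # entry[1:] keeps the leading dot, so 'notexample.com' never matches.
        if domain == entry or (entry.startswith("*.") and domain.endswith(entry[1:])):
            return True
    return False

def check_targets(targets, scope):
    """Split targets into (approved, rejected); each rejection has a reason."""
    approved, rejected = [], []
    for raw in targets:
        domain = normalize_domain(raw)
        if domain is None:
            rejected.append((raw, "malformed address"))
        elif not in_scope(domain, scope):
            rejected.append((raw, "domain not in authorized scope"))
        else:
            approved.append(parseaddr(raw.strip())[1].lower())
    return approved, rejected

# Constructed sample: scope as written in the signed rules of engagement.
SCOPE = ["example.com", "*.corp.example"]
TARGETS = ["alice@example.com", "Bob <bob@mail.corp.example>",
           "carol@example.com.other.test", "dave@notexample.com", "not-an-address"]

if __name__ == "__main__":
    approved, rejected = check_targets(TARGETS, SCOPE)
    for raw, reason in rejected:
        print("OUT OF SCOPE:", raw, "-", reason)
    raise SystemExit(1 if rejected else 0)  # fail closed
```

The non-zero exit status lets a wrapper script stop before the tool is ever started when any address falls outside the authorized scope.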

Analyzing Results

After the attack, use SET's built-in features (often a "show results" command) to analyze the outcome. This might include reviewing collected data and logs. Careful analysis helps determine the success of the attack and identify any potential vulnerabilities in the target system.

Disclaimer: Use the Social-Engineer Toolkit responsibly and ethically. Only perform penetration testing on systems where you have explicit permission. Unauthorized use is illegal and unethical.